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Art Unit 
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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time maybe available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 9/29/03 . 
2a)H This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) [x] Claim(s) 1-20,22-24 and 26-31 is/are pending in the application. 

4a) Of the above claim(s) 21 and 25 is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) (3 Claim(s) 1-20,22-24 and 26-31 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
Priority under 35 U.S.C. §§119 and 120 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

13) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application) 

since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 
37 CFR 1.78. 

a) □ The translation of the foreign language provisional application has been received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 since a specific 

reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78. 
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DETAILED ACTION 



1 . This action is in response to applicant's amendment filed 9/29/03. 

2. Applicant's amendment to claims 1,19,20,23,27,29 have necessitated the newground(s) 
of rejection presented in this Office action. Please see new rejections below. 

3. Claims 21,25 have been canceled. 



The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

4. Claims 11,17-19,12-14,16,22,24,26,28,31 remain rejected under 35 U.S.C. 102(e) as 
being anticipated by Win et al.(US 6,182,142). 

Claims 11,17-19: Win patent disclose a method of enforcing a policy on a computer 
network where in response to an attempt by a user to access a resource on the 
network(col.3,lines 33-38), determining a group to which the user belongs and based on the 
determined group, selecting an authorizing parameter in (col.5, lines 28-61 ). Win disclose 
selecting communication parameter wherein the communication parameter is useable to 
configure a data path between the computer and the network in accordance with the policy in 
(col.5,lines 5-18). Data path and IP address for the data path is disclosed in (fig. 9 and col.9,lines 
53-62). 

Claim 12: Win disclose evaluating the link to determine a characteristic of the link and 
selecting authorizing parameter based on the determined characteristic in (fig. 1 and col.6, lines 



Claim 13: Win discloses selecting a profile based on the determined group,wherein the 
authorization parameter is contained in the profile in (col.5, lines 28-46). 



Claim Rejections - 35 USC § 102 



48-61). 
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Claim 14: Win disclose the step of referencing a user object corresponding to the user, 
wherein the user object has a group attribute representative of the group in (col. 13, lines 55- 
67;col.14,lines1-3). 

Claim 16: Win disclose evaluating the policy statement based on the determined group ; 
and if the policy statement is evaluated to be true.selecting the authorization parameter in 
(col.5,lines 28-61). 

Claims 22,24,26,28,31 :Win disclose a computer readable medium where data structure 
comprising a policy statement expressing an implementation of an policy for a computer 
network, the statement conditioned on a group to which a user communicating with the network 
over a data path belongs wherein the policy statement is useable by the network to obtain an 
authorization parameter useable to grant or deny access to a resource on the network in 
accordance with the policy in (col.5,lines 28-61 ;col.9,lines 53-62;col. 10, lines 57-67). 



The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

5. Claims 1 ,2-4,6-8,23,27,29 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over by Win etal.(US 6,182,142) in view of Vilhuber(US 6,470,453). 

Claims 1 ,29: Win patent disclose a method of enforcing a policy on a computer network 
where in response to an attempt by a user to access a resource on the network(col.3,lines 33- 
38), determining a group to which the user belongs and based on the determined group, 
selecting an authorizing parameter in (col. 5, lines 28-61). Win disclose the authorization 
parameter is usable to grant or deny access to resource in accordance with the policy in 



Claim Rejections - 35 USC § 103 
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(col.3,lines 33-44). Win does not specifically disclose authorization parameter is used by the 
network access server where NAS being interposed between the user and the resource. 
Vilhuber's patent teaches network access server where user is coupled to the computer network 
through NAS to grant or deny access to the resource in accordance with the policy in 
(fig. 1 ,#102,103,108 and col.6,lines 40-46). It would have been obvious to person of ordinary skill 
in the art to employ network access server,taught in Vilhuber with network access system 
disclosed in Win in order to block off or secure against unauthorized user from entering the 
network. Having NAS to perform security functions such as password checking, source 
checking and security parameter checking relieves a resource computer from conducting 
security procedures which can be time consuming but most importantly security maybe 
breached. Further, NAS serves a security wall so that before any user tries to contact the 
resource computer directly, user must go through NAS first before entering the network thereby 
adding another layer of security to the system. 

Claim 2: Win discloses evalua ting the link to d^ tg^gjn ea characteristic of th^Jh klind 
selecting authorizing parameter based on the determined characteristic in (fig. 1 and col.6,lines 
48-61). 

Claim 3: Win discloses selecting a profile based on the determined group.wherein the 
authorization parameter is contained in the profile in (col.5,lines 28-46). 

Claim 4: Win disclose the step of referencing a user object corresponding to the user, 
wherein the user object has a group attribute representative of the group in (col.13,lines 55- 
67;col.14,lines 1-3). 

Claim 6: Win disclose evaluating the policy statement based on the determined group ; 
and if the policy statement is evaluated to be true,selecting the authorization parameter in 
(col.5,lines 28-61). 
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Claims 7-8: Neither Win nor Vilhuber specifically disclose specific time frame in which 
the user is permitted to access the network. Examiner takes Official notice that setting time 
frame to access the network is well known in the art. One of ordinary skill in the art would have 
been motivated to restrict usage time in order to manage its servers from being bogged down. 
Such that setting specific time frame for each group or users to access the network allows 
system to run smoothly avoiding system crash. 

Claims 23,27: Win patent disclose a method of enforcing a policy on a computer network 
where in response to an attempt by a user to access a resource on the network(col.3,lines 33- 
38), determining a group to which the user belongs and based on the determined group, 
selecting an authorizing parameter in (col. 5, lines 28-61). Win disclose the authorization 
parameter is usable to grant or deny access to resource in accordance with the policy in 
(col.3,lines 33-44). Win does not specifically disclose authorization parameter is used by the 
network access server where NAS being interposed between the user and the resource. 
Vilhuber* s patent teaches network access server where user is coupled to the computer network 
through NAS to grant or deny access to the resource in accordance with the policy in 
(fig. 1, #102,103,108 and col.6,lines 40-46). It would have been obvious to person of ordinary skill 
in the art to employ network access server.taught in Vilhuber with network access system 
disclosed in Win in order to block off or secure against unauthorized user from entering the 
network. Having NAS to perform security functions such as password checking, source 
checking and security parameter checking relieves a resource computer from conducting 
security procedures which can be time consuming but most importantly security maybe 
breached. Further, NAS serves a security wall so that before any user tries to contact the 
resource computer directly, user must go through NAS first before entering the network thereby 
adding another layer of security to the system. 
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6. Claim 5,9-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Win et 
al.(US 6,182,142) in view of Vilhuber(US 6,470,453) and further in view of Paxhia et al.(US 
6,493,749). 



Claims 5,9,10: Neither Win nor Vilhuber does specifically disclose adding an override 



associated with the user to the profile in (col. 37, lines 2-28). It would have been obvious to 
person of ordinary skill in the art at the time invention was made to add an override attribute 
associated with the user to the profile as taught in Paxhia with user profile template disclosed in 
Win or Vilhuber because overriding features such as called telephone number can be used to 
callback or not callback to the user or to control access to the long distance resources of the 
network. 

7 Claims 20,30,32 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over Win et 
al.(US 6,182,142). 

Claim 20; Win does not disclose encryption level. Official notice is taken that encryption 
level is well known in the art. For example, different levels of encryption are used for different 
types of data. One of ordinary skill in the art would have been motivated to use different 
encryption level because highly sensitive information such as social, credit card 
number,password when transmitting over the network requires high level of encryption in order 
to safeguard its data against hackers. 

Claims 30,32: Win disclose all the limitation. Win does not disclose user access over a 
dial up link using a called number. Official notice is taken that dial up link is well known in the 
art. One of ordinary skill in the art would have been motivated to use called number because 
with dial up link user can be called back and offers convenient and cost efficient to access 
remote site. 




user to the profile. Paxhia disclose adding an override attribute 
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8. Claim 1 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Win etal.(US 
6,182,142) in view of Paxhia et al.(US 6,493,749). 

Claim 15: Win does not specifically disclose adding an override attribute associated with 
the user to the profile. Paxhia disclose adding an override attribute associated with the user to 
the profile in (col.37, lines 2-28). It would have been obvious to person of ordinary skill in the art 
at the time invention was made to add an override attribute associated with the user to the 
profile as taught in Paxhia with user profile template disclosed in Win because overriding 
features such as called telephone number can be used to callback or not callback to the user or 
to control access to the long distance resources of the network. 

Response to Applicant's Arguments 

9. Applicant has argued that Win does not disclose a data path and an IP address and 
communication parameter is usable to configure a data path between the computer and the 
network accordance with the policy. In response: examiner disagrees. Win's patent discloses 
data path and an IP address for a data path is disclosed in (col. 10, lines 61-66). Further, in 
fig.5B, Win discloses that user information(#508) is transmitted to the registry server #108. Note 
that registry server configures two data path, one is routed to the #510 and other routed to 

#51 6. Applicant has argued that Win does not disclose determining a medium type or basing a 
decision on whether to grant or deny access based upon medium type. In response: examiner 
disagrees. Win disclose medium type in (col.3,lines 33-38). Applicant argues that if the 
rejections are maintained in a subsequent Office Action in view of Official Notice. Applicant 
requests a reference teaching the features that are not disclosed in Win. In response: Applicant 
has not provided any substantial information,evidence,or argument challenging the taking of 
Official notice in the rejection of these claims. See MPEP 244 .03. 
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Conclusion 



10. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL See MPEP § 706.07(a). Applicant 
is reminded of the extension of time policy as set forth in 37 CFR 1 A 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

1 1 . Any inquiry concerning this communication should be directed to Hosuk Song whose 
telephone number is (703)305-0042. The examiner can normally be reached on Tuesday 
through Friday from 6:00 a.m. to 4:00 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the Group receptionist, whose telephone number is (703) 305-3900. 





GILBERT0 BARRON 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



